Lucene search
HistoryOct 16, 2023 - 9:15 a.m.
CVE-2023-43666
apache inlong
data authenticity
vulnerability
unauthorized access
admin account
upgrade
patch
pull request 8623
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0,
General user can view all user data like Admin account.
Users are advised to upgrade to Apache InLong’s 1.9.0 or cherry-pick [1] to solve it.
Affected configurations
Node
apacheinlongRange1.4.0–1.8.0
Related
github
github
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-16 09:30:19
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-10-16 09:15:00
cve
cve
CVE-2023-43666
2023-10-16 09:15:10
osv
osv
Insufficient Verification of Data Authenticity in Apache InLong
2023-10-16 09:30:19
cnvd
cnvd
Apache InLong Data Forgery Issue Vulnerability
2023-10-19 00:00:00
veracode
veracode
Information Disclosure
2023-10-17 20:09:15
vulnrichment
vulnrichment
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
28.4%
Related for NVD:CVE-2023-43666